CVE-2017-9935 (retired)

Priority
Description
In LibTIFF 4.0.8, there is a heap-based buffer overflow in the
t2p_write_pdf function in tools/tiff2pdf.c. This heap overflow could lead
to different damages. For example, a crafted TIFF document can lead to an
out-of-bounds read in TIFFCleanup, an invalid free in TIFFClose or
t2p_free, memory corruption in t2p_readwrite_pdf_image, or a double free in
t2p_free. Given these possibilities, it probably could cause arbitrary code
execution.
Notes
 ratliff> reproducer errors out rather than crashing on trusty & zesty
 sbeattie> possibly only affects tiff tools, not libtiff itself
 mdeslaur> patch in upstream bug
 mdeslaur> we will not be fixing this issue in precise/esm
Package
Source: tiff (LP Ubuntu Debian)
Upstream:released (4.0.9-2)
Ubuntu 12.04 ESM (Precise Pangolin):ignored
Ubuntu 14.04 LTS (Trusty Tahr):released (4.0.3-7ubuntu0.9)
Ubuntu 16.04 LTS (Xenial Xerus):released (4.0.6-1ubuntu0.4)
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (4.0.9-4)
Patches:
Upstream:https://gitlab.com/libtiff/libtiff/commit/3dd8f6a357981a4090f126ab9025056c938b6940
Upstream:https://gitlab.com/libtiff/libtiff/commit/d4f213636b6f950498a1386083199bd7f65676b9
More Information

Updated: 2019-03-26 12:26:45 UTC (commit ccdecfcf0fead22bd291e5f4ea745a46872dcb15)